Question

Error when running main.ps1 during service update


Userlevel 1
Badge +2

New-SSHSession : Permission denied (publickey).
At C:\ifsroot\utils\common.psm1:43 char:23
+ ... LOBAL:ssh = New-SSHSession -Computer $NodeName -Credential $cred -Key ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (Renci.SshNet.SshClient:SshClient) [New-SSHSession], SshAuthenticationExc
   eption
    + FullyQualifiedErrorId : SSH.NewSshSession

Exception Occured While Opening Connection with the Linux Box.
2023-03-27 05:06:53.60   OXXXXXX-MNT Stop Open-ConnectionsWithLinuxBox
C:\ifsroot\main.ps1 : Error found in ScriptHalted. Please check logs for details.
At line:1 char:1
+ .\main.ps1
+ ~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,main.ps1

>>> Finalize Script Execution <<<
Clean up Scripts in Linux Box.
Close Open Connections with Linux Box.

 

Please help.


19 replies

Userlevel 3
Badge +7

Hi @Lakmal ,

Could you please attach the log files so we can further analyze the issue? (The log file location is set to ..\..\..\logs\ifscloudinstaller)
 

Best Regards,

Shirantha Herath

https://www.linkedin.com/in/shiranthaherath/

Userlevel 5
Badge +12

Hi Lakmal,

 

In the PowerShell window, what is the output of $ssh? The SessionId should be 0. If it is not, please close all other SSH sessions. Be sure to also close and re-open the current PowerShell window.

 

Best regards,

Ben

IFS | GSD Technology

Userlevel 1
Badge +2

Thank you for the quick replies.

 

Hi Shirantha,

Please find the attached logfiles.

 

Hi Ben,

I closed all the PowerShell windows and started a new one after restarting the management server. But the issue still remains.

 

Best regards,

Lakmal

Badge +5

Got a similar issue while doing a fresh installation because the Linux directories and files of /home/ifs did not have the correct set of permissions. Had to correct the permissions as below.

 

 

Not sure if this would help or not.

 

Best Regards,

Devin

Userlevel 5
Badge +12

Hi Lakmal,

 

So, before closing the PowerShell window, what was the SessionId for $ssh?

You will not be able to confirm it after closing the window. You will need to run the batch file again and then check.

 

Best regards,

Ben

Userlevel 1
Badge +2

Hi Ben,

The following command returned nothing.

PS C:\ifsroot> $ssh
PS C:\ifsroot>

Regards,

Lakmal

Userlevel 1
Badge +2

Hi Devin,

Permissions are correct (ifs user has access).

ifs@xxxxprod:/home$ ls -all
total 12
drwxr-xr-x  3 root root 4096 Oct  4  2021 .
drwxr-xr-x 21 root root 4096 Jan  5 10:38 ..
drwxr-xr-x  5 ifs  ifs  4096 Mar 17 14:09 ifs

ifs@xxxxprod:~$ ls -all
total 44
drwxr-xr-x 5 ifs  ifs  4096 Mar 17 14:09 .
drwxr-xr-x 3 root root 4096 Oct  4  2021 ..
-rw------- 1 ifs  ifs   442 Mar 17 14:08 .bash_history
-rw-r--r-- 1 ifs  ifs   220 Feb 25  2020 .bash_logout
-rw-r--r-- 1 ifs  ifs  3771 Feb 25  2020 .bashrc
drwx------ 2 ifs  ifs  4096 Oct  4  2021 .cache
-rw-r--r-- 1 ifs  ifs   807 Feb 25  2020 .profile
drwx------ 3 ifs  ifs  4096 Jan  5 10:44 snap
drwxrwxr-x 2 ifs  ifs  4096 Jan  5 10:37 .ssh

ifs@xxxxprod:~$ cd .ssh/
ifs@xxxxprod:~/.ssh$ ls -all
total 20
drwxrwxr-x 2 ifs ifs 4096 Jan  5 10:37 .
drwxr-xr-x 5 ifs ifs 4096 Mar 17 14:09 ..
-rw-rw-r-- 1 ifs ifs 8317 Mar 27 11:50 authorized_keys
 

Best regards,

Lakmal

Userlevel 7
Badge +31

Hi @Lakmal,

Are you able to ssh into the Linux server manually from the Windows Management Server? You can check using the following command:

ssh ifs@<LinuxHost>

Run the above command in a command line and enter the password for the Linux server when prompted. See if you can either log in or get any specific error.

Hope this helps!

Userlevel 1
Badge +2

Hi Charith,

Yes, I can connect with ssh. 

 

I can reproduce the same error with “.\main.ps1 -resource 'REBOOT-LINUXBOX'”.

2023-03-27 14:07:44.98   XXXXPROD-MNT Open Connections with Linux Box(XXXXprod-ifsV1.xxxprod.local)...
New-SSHSession : Permission denied (publickey).
At C:\ifsroot\utils\common.psm1:40 char:23
+ ... LOBAL:ssh = New-SSHSession -Computer $linuxhost -Credential $cred -Ke ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (Renci.SshNet.SshClient:SshClient) [New-SSHSession], SshAuthenticationExc
   eption
    + FullyQualifiedErrorId : SSH.NewSshSession

Exception Occured While Opening Connection with the Linux Box.
2023-03-27 14:07:45.06   XXXXPROD-MNT Stop Open-ConnectionsWithLinuxBox
C:\ifsroot\main.ps1 : Error found in ScriptHalted. Please check logs for details.
At line:1 char:1
+ .\main.ps1 -resource 'REBOOT-LINUXBOX'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,main.ps1

>>> Finalize Script Execution <<<

Best regards,

Lakmal

Badge +5

Hi Lakmal,


authorized_keys should ideally have 600 permissions set, as it should have read and write permissions for the owner and not be accessible by group and others. Worth a try :)

Best Regards,

Devin

Userlevel 1
Badge +2

Hi Devin,

Same issue after setting .ssh directory permissions to 700 and the authorized_keys permissions to 600.

Best regards,

Lakmal

Userlevel 7
Badge +31

Hi @Lakmal  

 

I can reproduce the same error with “.\main.ps1 -resource 'REBOOT-LINUXBOX'”.

2023-03-27 14:07:44.98   XXXXPROD-MNT Open Connections with Linux Box(XXXXprod-ifsV1.xxxprod.local)...
New-SSHSession : Permission denied (publickey).

According to this error, it could be an issue with the SSH public and private keys. 

Please check whether the id_rsa and id_rsa.pub keys are present in the following directory in your Windows Management Server:

\\ifsroot\config\secrets\.ssh\

If you open the public key (id_rsa.pub), it should have a string in the following format:

ssh-rsa <SomeHash> <OSUserName>@<WindowsMgmtServerName>

Make sure you are logged in as the OSUserName given above.

After this, log in to the Linux server and check the content of the authorized_keys file there. It should have the content of the id_rsa.pub file.

Hope this helps!

Userlevel 1
Badge +2

Hi Charith,

I can confirm that the public key recorded in id_rsa.pub is added to the authorized_keys file along with many other previous entries. And I’m logged in as the user name mentioned in id_rsa.pub.

Regards,

Lakmal

Badge +3

Is there an update on this - experiencing the same issue. Everything looks correct, but the public key permission issue persists.

Userlevel 1
Badge +3

I experienced the same issue; the root cause was that the SSH server gives "userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]" when connecting.

The following helped me to resolve the issue:

1. Add this line to /etc/ssh/sshd_config on the Ubuntu server:

   PubkeyAcceptedAlgorithms +ssh-rsa
   
2. Afterwards, restart the sshd service to make the new settings come into effect.

$ sudo systemctl restart sshd
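
One way to make the sshd_config change above without losing access if the resulting configuration no longer parses, as an added example that is not part of the thread: it writes the line to a drop-in file, runs sshd -t, and removes the drop-in again if validation fails. It assumes the main config includes /etc/ssh/sshd_config.d/*.conf; stage_sshd_dropin, restart_and_verify, SSHD_BIN, DROPIN_DIR and the file name 10-ifs-legacy-rsa are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). The drop-in directory is assumed to be
# included by /etc/ssh/sshd_config.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"
DROPIN_DIR="${DROPIN_DIR:-/etc/ssh/sshd_config.d}"

# stage_sshd_dropin NAME "Keyword value"
# Writes the line to $DROPIN_DIR/NAME.conf and keeps it only if sshd accepts
# the resulting configuration. Nothing is restarted here.
stage_sshd_dropin() {
    local file line
    file="$DROPIN_DIR/$1.conf"
    line="$2"
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2
        return 2
    fi
    printf '%s\n' "$line" > "$file" || return 2
    # -t parses the configuration and checks host keys without starting a daemon.
    if "$SSHD_BIN" -t; then
        echo "kept $file"
        return 0
    fi
    rm -f "$file"
    echo "sshd -t rejected the change; removed $file" >&2
    return 1
}

# Restart only after validation, and confirm the unit is active while the
# current SSH session is still open.
restart_and_verify() {
    systemctl restart ssh.service && systemctl is-active --quiet ssh.service
}

# Stand-alone use (as root on the Linux box): sh stage_sshd.sh apply
# +ssh-rsa re-enables RSA/SHA-1 signatures, which OpenSSH 8.8 and later
# disable by default, so this widens the server's accepted algorithms.
if [ "${1:-}" = "apply" ]; then
    stage_sshd_dropin 10-ifs-legacy-rsa "PubkeyAcceptedAlgorithms +ssh-rsa" \
        && restart_and_verify \
        && "$SSHD_BIN" -T | grep -i '^pubkeyacceptedalgorithms'
fi
```

PubkeyAcceptedAlgorithms exists only from OpenSSH 8.5 (earlier releases call it PubkeyAcceptedKeyTypes), and an unknown keyword is one of the errors sshd -t reports before a restart can take the service down.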

Badge +1

Hello, try running this command in PowerShell:

Get-SSHTrustedHost | Remove-SSHTrustedHost

 

You could read more about it here: 

New-SSHSession : Key exchange negotiation failed. SecurityError: (Renci.SshNet.SshClient:SshClient) · Issue #216 · darkoperator/Posh-SSH · GitHub

Badge +3

This solved the issue for me. Although my error message was “Key exchange negotiation failed”, and not the same as the topic starter's.

Userlevel 3
Badge +7

I experienced the same issue; the root cause was that the SSH server gives "userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]" when connecting.

The following helped me to resolve the issue:

1. Add this line to /etc/ssh/sshd_config on the Ubuntu server:

   PubkeyAcceptedAlgorithms +ssh-rsa
   
2. Afterwards, restart the sshd service to make the new settings come into effect.

$ sudo systemctl restart sshd

This one crashed the whole SSH for me. Had to reset it from the VM console.

So make sure your sshd does restart cleanly and
systemctl status ssh.service
shows ‘active’ before you close the connection.
(It doesn’t drop the current connection, but if you exit you won’t get back)

We’re experiencing this problem with .\main.ps1 -resource 'KUBERNETES'

2024-02-27 09:33:36.70   DSE1VMPE160 Ping for Prerequisites Modules...
Module  Posh-SSH exists.
2024-02-27 09:33:36.87   DSE1VMPE160 Open Connections with Linux Box(dse1k8s494)...
New-SFTPSession : Channel was closed.
At C:\ifsroot\utils\common.psm1:48 char:24
+ ... OBAL:sftp = New-SFTPSession -ComputerName $NodeName -Credential $cred ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Renci.SshNet.SftpClient:SftpClient) [New-SFTPSession], SshException
    + FullyQualifiedErrorId : SSH.NewSftpSession

Exception Occured While Opening Connection with the Linux Box.
2024-02-27 09:33:37.51   DSE1VMPE160 Stop Open-ConnectionsWithLinuxBox
C:\ifsroot\main.ps1 : Error found in ScriptHalted. Please check logs for details.
At line:1 char:1
+ .\main.ps1 -resource 'KUBERNETES'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,main.ps1

>>> Finalize Script Execution <<<



Doesn’t seem to be anything in the logs, just the SshException.
SSH works fine manually from the same PowerShell, no problems with the ‘KEY’ section either.

We do get 0 in the $ssh:

PS C:\ifsroot> echo $ssh

SessionId  Host                                                     Connected
---------  ----                                                     ---------
    0      dse1k8s494

Userlevel 3
Badge +7

My case was traced to SFTP - that didn’t work but SSH did.

The reason was that in  /etc/ssh/sshd_config it was specified
/usr/lib/openssh/sftp-server -L verbose
but that run on the command line gives a ‘usage’ response, ie. there’s no parameter -L  (it is -l according to usage)
I dropped the parameter altogether so that it read only
/usr/lib/openssh/sftp-server
restarted sshd, and that solved the issue.

Maybe the parameters have changed at some point and -L has been dropped from the current version of sftp-server while the config file has not been updated..?
